gen_stmm_hex.py - OpenGrok history log for /optee_os/scripts/gen_stmm

Revision		Date	Author	Comments
# 42471ecf		11-Sep-2019	Jens Wiklander <jens.wiklander@linaro.org>	core: load stmm via secure partition Secure variable storage for EFI variables is critical for enabling and protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and SPM are mutually e core: load stmm via secure partition Secure variable storage for EFI variables is critical for enabling and protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and SPM are mutually exclusive, we can't run StMM from EDK2 and OP-TEE. An advantage of doing so is that different firmware implementations can leverage EDK2's StandAloneMM and in cooperation with OP-TEE RPMB APIs can store UEFI variables in a secure storage. This makes the variable storage quite generic in any device with an RPMB partition. Using a well debugged application is preferable over rewriting the whole application as a TA. Another advantage is that this inherits the Fault Tolerant Writes (FTW) functionality built-in on StMM to protect variables against corruptions during writing. Considering the FFA changes of the future Arm architectures using an SP that includes everything seems like a better choice at the moment. The 'SPM emulation' currently added into OP-TEE only supports a single SP to be launched. This means that the StMM embedded application has the RPMB driver built in at the moment. In the future we can add code (evolving FFA) to launch multiple SPs. So the StMM variable handling can be decoupled from the RPMB driver, which will reside in a different SP. So let's add a user mode secure partition context and support loading "Standalone MM" of EDK2 into it. A separate syscall handling is added to serve as different kind of ABI and syscall IDs. The secure partition has a TA like interface towards normal world, but requests are routed into the StMM partition instead. CFG_STMM_PATH is assigned the path of BL32_AP_MM.fd, for instance: CFG_STMM_PATH=...Build/QemuVirtMmStandalone/DEBUG_GCC5/FV/BL32_AP_MM.fd Since this is quite tricky to compile and test you can use this [1]. Just clone the repo and run ./build.sh. The script will pick up edk2, edk2-platforms, op-tee, atf and U-boot and compile all the necessary binaries for QEMU. A patch (awful hack) has been added to U-boot to allow RPMB emulation through it's supplicant, since QEMU RPMB emulation is not yet available. After compiling and launching QEMU the usual U-boot commands for EFI variable management will store the variables on an RPMB device. [1] https://git.linaro.org/people/ilias.apalodimas/efi_optee_variables.git/ Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Co-developed-by: Pipat Methavanitpong <pipat1010@gmail.com> Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com> Co-developed-by: Miklos Balint <Miklos.Balint@arm.com> Signed-off-by: Miklos Balint <Miklos.Balint@arm.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ...

Revision

Date

Author

Comments

# 42471ecf

11-Sep-2019

Jens Wiklander <jens.wiklander@linaro.org>

core: load stmm via secure partition

Secure variable storage for EFI variables is critical for enabling and
protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and
SPM are mutually e

core: load stmm via secure partition

Secure variable storage for EFI variables is critical for enabling and
protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and
SPM are mutually exclusive, we can't run StMM from EDK2 and OP-TEE.
An advantage of doing so is that different firmware implementations
can leverage EDK2's StandAloneMM and in cooperation with OP-TEE RPMB
APIs can store UEFI variables in a secure storage.
This makes the variable storage quite generic in any device with an RPMB
partition.

Using a well debugged application is preferable over rewriting the whole
application as a TA. Another advantage is that this inherits the Fault
Tolerant Writes (FTW) functionality built-in on StMM to protect
variables against corruptions during writing. Considering the FFA
changes of the future Arm architectures using an SP that includes
everything seems like a better choice at the moment.
The 'SPM emulation' currently added into OP-TEE only supports
a single SP to be launched. This means that the StMM embedded
application has the RPMB driver built in at the moment. In the future we
can add code (evolving FFA) to launch multiple SPs. So the StMM variable
handling can be decoupled from the RPMB driver, which will reside in a
different SP.

So let's add a user mode secure partition context and support loading
"Standalone MM" of EDK2 into it. A separate syscall handling is added to
serve as different kind of ABI and syscall IDs. The secure partition has
a TA like interface towards normal world, but requests are routed into
the StMM partition instead.

CFG_STMM_PATH is assigned the path of BL32_AP_MM.fd, for instance:
CFG_STMM_PATH=...Build/QemuVirtMmStandalone/DEBUG_GCC5/FV/BL32_AP_MM.fd

Since this is quite tricky to compile and test you can use this [1].
Just clone the repo and run ./build.sh. The script will pick up edk2,
edk2-platforms, op-tee, atf and U-boot and compile all the necessary
binaries for QEMU. A patch (awful hack) has been added to U-boot to
allow RPMB emulation through it's supplicant, since QEMU RPMB emulation
is not yet available.
After compiling and launching QEMU the usual U-boot commands for EFI
variable management will store the variables on an RPMB device.

[1] https://git.linaro.org/people/ilias.apalodimas/efi_optee_variables.git/

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Co-developed-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Co-developed-by: Miklos Balint <Miklos.Balint@arm.com>
Signed-off-by: Miklos Balint <Miklos.Balint@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>